archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/protocols/schannel/utest/sslcache/sslcache.c

493 lines
12 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. #include <nt.h>
  2. #include <ntrtl.h>
  3. #include <nturtl.h>
  4. #include <stdio.h>
  5. #include <windows.h>
  6. #include <wincrypt.h>
  8. #define SECURITY_WIN32
  9. #include <security.h>
  10. #include <sspi.h>
  11. #include <ntsecapi.h>
  12. #include <ntrtl.h>
  13. #include <schannel.h>
  14. #include <sslcache.h>
  16. #define LIST_CACHE_ENTRIES 1
  17. #define LIST_ENTRIES_INTERACTIVE 2
  18. #define PURGE_CACHE_ENTRIES 3
  20. DWORD dwOperation = LIST_CACHE_ENTRIES;
  21. BOOL fIncludeClient = FALSE;
  22. BOOL fIncludeServer = FALSE;
  23. BOOL fIncludeMappedEntries = FALSE;
  24. LPSTR pszServerName = NULL;
  26. void
  27. DisplayCacheInfo(
  28. HANDLE LsaHandle,
  29. DWORD PackageNumber,
  30. BOOL fClient,
  31. BOOL fServer);
  33. void
  34. PurgeCacheEntries(
  35. HANDLE LsaHandle,
  36. DWORD PackageNumber);
  38. void
  39. DisplayCacheInfoInteractive(
  40. HANDLE LsaHandle,
  41. DWORD PackageNumber);
  43. void Usage(void)
  44. {
  45. printf("USAGE: sslcache [ operation ] [ flags ]\n");
  46. printf("\n");
  47. printf(" OPERATIONS:\n");
  48. printf(" -l List cache entries (default)\n");
  49. printf(" -i List cache entries interactively\n");
  50. printf(" -p Purge cache entries\n");
  51. printf("\n");
  52. printf(" FLAGS:\n");
  53. printf(" -c Include client entries (default)\n");
  54. printf(" -s Include server entries\n");
  55. printf(" -S Include IIS mapped server entries (purge only)\n");
  56. }
  58. void _cdecl main(int argc, char *argv[])
  59. {
  60. DWORD Status;
  61. HANDLE LsaHandle;
  62. DWORD PackageNumber;
  63. LSA_STRING PackageName;
  64. BOOLEAN Trusted = TRUE;
  65. BOOLEAN WasEnabled;
  66. STRING Name;
  67. ULONG Dummy;
  69. INT i;
  70. INT iOption;
  71. PCHAR pszOption;
  73. //
  74. // Parse user-supplied parameters.
  75. //
  77. for(i = 1; i < argc; i++)
  78. {
  79. if(argv[i][0] == '/') argv[i][0] = '-';
  81. if(argv[i][0] != '-')
  82. {
  83. printf("**** Invalid argument \"%s\"\n", argv[i]);
  84. Usage();
  85. return;
  86. }
  88. iOption = argv[i][1];
  89. pszOption = &argv[i][2];
  91. switch(iOption)
  92. {
  93. case 'l':
  94. dwOperation = LIST_CACHE_ENTRIES;
  95. break;
  97. case 'i':
  98. dwOperation = LIST_ENTRIES_INTERACTIVE;
  99. break;
  101. case 'p':
  102. dwOperation = PURGE_CACHE_ENTRIES;
  103. break;
  105. case 'c':
  106. fIncludeClient = TRUE;
  107. break;
  109. case 's':
  110. if(*pszOption == '\0')
  111. {
  112. fIncludeServer = TRUE;
  113. }
  114. else
  115. {
  116. pszServerName = pszOption;
  117. fIncludeClient = TRUE;
  118. }
  119. break;
  121. case 'S':
  122. fIncludeMappedEntries = TRUE;
  123. fIncludeServer = TRUE;
  124. break;
  126. default:
  127. printf("**** Invalid option \"%s\"\n", argv[i]);
  128. Usage();
  129. return;
  130. }
  131. }
  134. //
  135. // If neither client nor server was specified by user set appropriate default.
  136. //
  138. if(!fIncludeClient && !fIncludeServer)
  139. {
  140. if(dwOperation == PURGE_CACHE_ENTRIES)
  141. {
  142. fIncludeClient = TRUE;
  143. }
  144. else
  145. {
  146. fIncludeClient = TRUE;
  147. fIncludeServer = TRUE;
  148. }
  149. }
  152. //
  153. // Get handle to schannel security package.
  154. //
  156. Status = RtlAdjustPrivilege(SE_TCB_PRIVILEGE, TRUE, FALSE, &WasEnabled);
  157. if (!NT_SUCCESS(Status))
  158. {
  159. Trusted = FALSE;
  160. }
  161. RtlInitString(
  162. &Name,
  163. "sslcache");
  165. if(Trusted)
  166. {
  167. Status = LsaRegisterLogonProcess(
  168. &Name,
  169. &LsaHandle,
  170. &Dummy);
  172. if(FAILED(Status))
  173. {
  174. printf("**** Error 0x%x returned by LsaRegisterLogonProcess\n", Status);
  175. return;
  176. }
  177. }
  178. else
  179. {
  180. Status = LsaConnectUntrusted(&LsaHandle);
  182. if(FAILED(Status))
  183. {
  184. printf("**** Error 0x%x returned by LsaConnectUntrusted\n", Status);
  185. return;
  186. }
  187. }
  189. PackageName.Buffer = UNISP_NAME_A;
  190. PackageName.Length = (USHORT)strlen(PackageName.Buffer);
  191. PackageName.MaximumLength = PackageName.Length + 1;
  193. Status = LsaLookupAuthenticationPackage(
  194. LsaHandle,
  195. &PackageName,
  196. &PackageNumber);
  197. if(FAILED(Status))
  198. {
  199. printf("**** Error 0x%x returned by LsaLookupAuthenticationPackage\n", Status);
  200. CloseHandle(LsaHandle);
  201. return;
  202. }
  205. //
  206. // Perform specified operation.
  207. //
  209. if(dwOperation == LIST_CACHE_ENTRIES)
  210. {
  211. printf("\nDISPLAY CACHE ENTRIES\n");
  212. printf("\n");
  214. if(fIncludeClient)
  215. {
  216. printf("--CLIENT--\n");
  217. DisplayCacheInfo(LsaHandle, PackageNumber, TRUE, FALSE);
  218. }
  220. if(fIncludeServer)
  221. {
  222. printf("--SERVER--\n");
  223. DisplayCacheInfo(LsaHandle, PackageNumber, FALSE, TRUE);
  224. }
  226. if(fIncludeClient && fIncludeServer)
  227. {
  228. printf("--TOTAL--\n");
  229. DisplayCacheInfo(LsaHandle, PackageNumber, TRUE, TRUE);
  230. }
  231. }
  232. else if(dwOperation == LIST_ENTRIES_INTERACTIVE)
  233. {
  234. DisplayCacheInfoInteractive(LsaHandle, PackageNumber);
  235. }
  236. else
  237. {
  238. PurgeCacheEntries(LsaHandle, PackageNumber);
  239. }
  242. CloseHandle(LsaHandle);
  243. }
  246. void
  247. PurgeCacheEntries(
  248. HANDLE LsaHandle,
  249. DWORD PackageNumber)
  250. {
  251. PSSL_PURGE_SESSION_CACHE_REQUEST pRequest;
  252. DWORD cchServerName;
  253. DWORD cbServerName;
  254. DWORD SubStatus;
  255. DWORD Status;
  257. printf("\nPURGE CACHE ENTRIES\n");
  258. printf("Client:%s\n", fIncludeClient ? "yes" : "no");
  259. printf("Server:%s\n", fIncludeServer ? "yes" : "no");
  261. if(pszServerName == NULL)
  262. {
  263. cbServerName = 0;
  265. pRequest = (PSSL_PURGE_SESSION_CACHE_REQUEST)LocalAlloc(LPTR, sizeof(SSL_PURGE_SESSION_CACHE_REQUEST));
  266. if(pRequest == NULL)
  267. {
  268. printf("**** Out of memory\n");
  269. return;
  270. }
  271. }
  272. else
  273. {
  274. cchServerName = MultiByteToWideChar(CP_ACP, 0, pszServerName, -1, NULL, 0);
  275. cbServerName = (cchServerName + 1) * sizeof(WCHAR);
  277. pRequest = LocalAlloc(LPTR, sizeof(SSL_PURGE_SESSION_CACHE_REQUEST) + cbServerName);
  278. if(pRequest == NULL)
  279. {
  280. printf("**** Out of memory\n");
  281. return;
  282. }
  284. cchServerName = MultiByteToWideChar(CP_ACP, 0, pszServerName, -1, (LPWSTR)(pRequest + 1), cchServerName);
  285. if(cchServerName == 0)
  286. {
  287. printf("**** Error converting server name\n");
  288. return;
  289. }
  292. pRequest->ServerName.Buffer = (LPWSTR)(pRequest + 1);
  293. pRequest->ServerName.Length = (WORD)(cchServerName * sizeof(WCHAR));
  294. pRequest->ServerName.MaximumLength = (WORD)cbServerName;
  295. }
  297. pRequest->MessageType = SslPurgeSessionCacheMessage;
  299. if(fIncludeClient)
  300. {
  301. pRequest->Flags |= SSL_PURGE_CLIENT_ENTRIES;
  302. }
  303. if(fIncludeServer)
  304. {
  305. pRequest->Flags |= SSL_PURGE_SERVER_ENTRIES | SSL_PURGE_SERVER_ALL_ENTRIES;
  306. }
  307. if(fIncludeMappedEntries)
  308. {
  309. pRequest->Flags |= SSL_PURGE_SERVER_ENTRIES_DISCARD_LOCATORS;
  310. }
  313. Status = LsaCallAuthenticationPackage(
  314. LsaHandle,
  315. PackageNumber,
  316. pRequest,
  317. sizeof(SSL_PURGE_SESSION_CACHE_REQUEST) + cbServerName,
  318. NULL,
  319. NULL,
  320. &SubStatus);
  321. if(FAILED(Status))
  322. {
  323. printf("**** Error 0x%x returned by LsaCallAuthenticationPackage\n", Status);
  324. return;
  325. }
  327. if(FAILED(SubStatus))
  328. {
  329. if(SubStatus == 0xC0000061)
  330. {
  331. printf("**** The TCB privilege is required to perform this operation.\n");
  332. }
  333. else
  334. {
  335. printf("**** Error 0x%x occurred while purging cache entries.\n", SubStatus);
  336. }
  337. }
  338. }
  341. void
  342. DisplayCacheInfo(
  343. HANDLE LsaHandle,
  344. DWORD PackageNumber,
  345. BOOL fClient,
  346. BOOL fServer)
  347. {
  348. PSSL_SESSION_CACHE_INFO_REQUEST pRequest = NULL;
  349. PSSL_SESSION_CACHE_INFO_RESPONSE pResponse = NULL;
  350. DWORD cbResponse = 0;
  351. DWORD SubStatus;
  352. DWORD Status;
  354. pRequest = (PSSL_SESSION_CACHE_INFO_REQUEST)LocalAlloc(LPTR, sizeof(SSL_SESSION_CACHE_INFO_REQUEST));
  355. if(pRequest == NULL)
  356. {
  357. printf("**** Out of memory\n");
  358. goto cleanup;
  359. }
  361. pRequest->MessageType = SslSessionCacheInfoMessage;
  363. if(fClient)
  364. {
  365. pRequest->Flags |= SSL_RETRIEVE_CLIENT_ENTRIES;
  366. }
  367. if(fServer)
  368. {
  369. pRequest->Flags |= SSL_RETRIEVE_SERVER_ENTRIES;
  370. }
  373. Status = LsaCallAuthenticationPackage(
  374. LsaHandle,
  375. PackageNumber,
  376. pRequest,
  377. sizeof(SSL_SESSION_CACHE_INFO_REQUEST),
  378. &pResponse,
  379. &cbResponse,
  380. &SubStatus);
  381. if(FAILED(Status))
  382. {
  383. printf("**** Error 0x%x returned by LsaCallAuthenticationPackage\n", Status);
  384. goto cleanup;
  385. }
  387. if(FAILED(SubStatus))
  388. {
  389. printf("**** Error 0x%x occurred while reading cache entries.\n", SubStatus);
  390. }
  392. printf("CacheSize: %d \n", pResponse->CacheSize);
  393. printf("Entries: %d \n", pResponse->Entries);
  394. printf("ActiveEntries: %d \n", pResponse->ActiveEntries);
  395. printf("Zombies: %d \n", pResponse->Zombies);
  396. printf("ExpiredZombies: %d \n", pResponse->ExpiredZombies);
  397. printf("AbortedZombies: %d \n", pResponse->AbortedZombies);
  398. printf("DeletedZombies: %d \n", pResponse->DeletedZombies);
  399. printf("\n");
  401. cleanup:
  403. if(pRequest)
  404. {
  405. LocalFree(pRequest);
  406. }
  408. if (pResponse != NULL)
  409. {
  410. LsaFreeReturnBuffer(pResponse);
  411. }
  412. }
  414. void cls(HANDLE hConsole)
  415. {
  416. COORD coordScreen = { 0, 0 }; /* here's where we'll home the
  417. cursor */
  418. BOOL bSuccess;
  419. DWORD cCharsWritten;
  420. CONSOLE_SCREEN_BUFFER_INFO csbi; /* to get buffer info */
  421. DWORD dwConSize; /* number of character cells in
  422. the current buffer */
  424. /* get the number of character cells in the current buffer */
  426. bSuccess = GetConsoleScreenBufferInfo( hConsole, &csbi );
  427. dwConSize = csbi.dwSize.X * csbi.dwSize.Y;
  429. /* fill the entire screen with blanks */
  431. bSuccess = FillConsoleOutputCharacter( hConsole, (TCHAR) ' ',
  432. dwConSize, coordScreen, &cCharsWritten );
  434. /* get the current text attribute */
  436. bSuccess = GetConsoleScreenBufferInfo( hConsole, &csbi );
  438. /* now set the buffer's attributes accordingly */
  440. bSuccess = FillConsoleOutputAttribute( hConsole, csbi.wAttributes,
  441. dwConSize, coordScreen, &cCharsWritten );
  443. /* put the cursor at (0, 0) */
  445. bSuccess = SetConsoleCursorPosition( hConsole, coordScreen );
  446. }
  448. void home(HANDLE hConsole)
  449. {
  450. COORD coordScreen = { 0, 0 }; /* here's where we'll home the
  451. cursor */
  452. BOOL bSuccess;
  454. /* put the cursor at (0, 0) */
  455. bSuccess = SetConsoleCursorPosition( hConsole, coordScreen );
  456. }
  458. void
  459. DisplayCacheInfoInteractive(
  460. HANDLE LsaHandle,
  461. DWORD PackageNumber)
  462. {
  463. HANDLE hConsoleOut;
  465. hConsoleOut = GetStdHandle( STD_OUTPUT_HANDLE );
  467. cls(hConsoleOut);
  469. while(TRUE)
  470. {
  471. home(hConsoleOut);
  473. if(fIncludeClient)
  474. {
  475. printf("--CLIENT--\n");
  476. DisplayCacheInfo(LsaHandle, PackageNumber, TRUE, FALSE);
  477. }
  479. if(fIncludeServer)
  480. {
  481. printf("--SERVER--\n");
  482. DisplayCacheInfo(LsaHandle, PackageNumber, FALSE, TRUE);
  483. }
  485. if(fIncludeClient && fIncludeServer)
  486. {
  487. printf("--TOTAL--\n");
  488. DisplayCacheInfo(LsaHandle, PackageNumber, TRUE, TRUE);
  489. }
  491. Sleep(2000);
  492. }
  493. }